{"id":21878310,"url":"https://github.com/pepabo/siteguard_lite-log-parser","last_synced_at":"2025-04-15T03:04:22.988Z","repository":{"id":49049292,"uuid":"142094017","full_name":"pepabo/siteguard_lite-log-parser","owner":"pepabo","description":"A log parser for SiteGuard Lite WAF","archived":false,"fork":false,"pushed_at":"2021-06-30T05:11:52.000Z","size":16,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":92,"default_branch":"master","last_synced_at":"2025-04-15T03:04:08.912Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pepabo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-24T02:31:27.000Z","updated_at":"2021-06-30T05:11:55.000Z","dependencies_parsed_at":"2022-08-21T01:50:21.494Z","dependency_job_id":null,"html_url":"https://github.com/pepabo/siteguard_lite-log-parser","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fsiteguard_lite-log-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fsiteguard_lite-log-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fsiteguard_lite-log-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepabo%2Fsiteguard_lite-log-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pepabo","download_url":"https://codeload.github.com/pepabo/siteguard_lite-log-parser/tar.gz/refs/heads/maste
r","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248997083,"owners_count":21195798,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T08:12:17.315Z","updated_at":"2025-04-15T03:04:22.973Z","avatar_url":"https://github.com/pepabo.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SiteguardLite::Log::Parser\n\nA log parser for SiteGuard Lite WAF.\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'siteguard_lite-log-parser'\n```\n\nAnd then execute:\n\n    $ bundle\n\nOr install it yourself as:\n\n    $ gem install siteguard_lite-log-parser\n\n## Usage\n\n```ruby\nrequire 'siteguard_lite/log/parser'\n\nparser = SiteguardLiteLogParser.new(log_type)\nlog = parser.parse(log_str)\n```\n\nThe following log types are supported.\n\n- `detect`: Parse a `detect.log` format string\n\nThe `new` function accepts an optional hash with the following keys.\n\n- `leading_time`: A time string at the beginning of the line (optional, default: `false`)\n  - Log files downloaded from the SiteGuard Lite admin console have a date-time string in the form `YYYY-MM-DD hh:mm:ss : ` at the beginning of each line, so this option is required for them.\n\n### detect.log\n\nThe parse result has the following keys.\n\n- `time`: The time the client connected, shown in `YYYY-MM-DD hh:mm:ss` format. (optional)\n- `time_epoch`: The time the client connected, shown as the number of seconds since the epoch (1970/01/01 00:00:00 (UTC)), to millisecond precision.\n- `conn_time`: The duration of the connection with the client, in milliseconds.\n- `client_ip`: The client's IP address.\n- `file_size`: The size of the transferred file.\n- `http_method`: The HTTP request method (GET, POST, etc.).\n- `url`: The destination 
URL.\n- `hierarchy_code`: Shows \"DIRECT/IP address of the server on which this product is installed\".\n- `content_type`: The Content-Type of the file being sent or received. \"-\" if unavailable.\n- `detect_stat`: Detection information. Shows `DETECT-STAT:WAF:[detect_name]::[detect_str]:[detect_str_all]:`.\n- `detect_name`: Detection name. One of the following:\n  - Signature inspection: `RULE_SIG/[rule_sig_part]/[rule_sig_name]/[rule_sig_file]/[rule_sig_id]/[rule_sig_signature_name]`\n    - `detect_name_rule`: RULE_SIG\n    - `rule_sig_part`: Detection location\n    - `rule_sig_name`: Name. Shows the parameter variable or header field name.\n    - `rule_sig_file`: Signature file. Either OFFICIAL (trusted signature) or CUSTOM (custom signature).\n    - `rule_sig_id`: Signature ID\n    - `rule_sig_signature_name`: Signature name\n  - Filter: `WAF_FILTER/[IP address]` **(NOT SUPPORTED)**\n  - URL decode error: `RULE_URLDECODE/[detection location]/[name]` **(NOT SUPPORTED)**\n  - Limit on the maximum number of parameters: `RULE_PARAMS_NUM/[rule_params_num_part]/[rule_params_num_threshold]`\n    - `detect_name_rule`: RULE_PARAMS_NUM\n    - `rule_params_num_part`: Detection location\n    - `rule_params_num_threshold`: Maximum number of parameters\n- `detect_str`: Detected string\n- `detect_str_all`: Detected string (full)\n- `action`: Action. Shows `ACTION:[action_str]:`.\n- `action_str`: Action. One of MONITOR, BLOCK, or FILTER.\n- `judge`: Shows `JUDGE:[judge_str]:[monitor_url]:`.\n- `judge_str`: Verdict. One of MONITOR, BLOCK, or FILTER.\n- `monitor_url`: Monitored-URL setting. Either 0 (does not match a monitored URL) or 1 (matches a monitored URL).\n- `search_key`: Search key. Shows `SEARCH-KEY:[search_key_time_epoch.search_key_nginx_request_id]:`.\n- `search_key_time_epoch`: Time (epoch time)\n- `search_key_nginx_request_id`: nginx request ID\n\n## siteguard_lite-log\n\nA command-line tool to parse logs. It outputs LTSV format.\n\n```\ncat detect.log | siteguard_lite-log\n```\n\nUsage:\n```\n$ siteguard_lite-log --help\nUsage: siteguard_lite-log [options]\n        --type VAL                   Specify log type. 
(default: detect)\n        --leading-time               The log have the time string at heading of the line\n```\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/pepabo/siteguard_lite-log-parser.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Fsiteguard_lite-log-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpepabo%2Fsiteguard_lite-log-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepabo%2Fsiteguard_lite-log-parser/lists"}